b2e3b3edf52c7b02b128beba207344ac58d9045076a3c3bab471a4b1e0a7b5cc

max time kernel
251s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-11 12.37.45 PM.png
Size

25KB
MD5

6b7dc856f8c243f6f19b6919f9c3a1ce
SHA1

8b652199f0126eee7c36304046510f4b8b544f5d
SHA256

b2e3b3edf52c7b02b128beba207344ac58d9045076a3c3bab471a4b1e0a7b5cc
SHA512

68528343cd7bccf0ec068afae317ac0201d2556f7aabf7fbf6a4e843669289c4de1115910af54d3c9cc3e806104efbf1c552ea8a2ac9195bb86eae7917a2fced
SSDEEP

384:Tjze0/+KycJrKUZggOdglJeysrE6tuY0ek2YB+iLIJlph:vzB/VPZ/lOuY0V93LIJlph

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6386FF71-407F-4F80-8E35-EB8F53601938}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2460	chrome.exe
2460	chrome.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1476	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1476	AUDIODG.EXE

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-11 12.37.45 PM.png"
1⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffbef239758,0x7ffbef239768,0x7ffbef239778
1⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:2
1⤵
PID:4676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4760 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4916 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4980 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5632 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5080 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=1736 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
- Modifies registry class
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=1780 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=4948 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=2748 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5780 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:1
1⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 --field-trial-handle=1864,i,5971433152871074040,2304703757259199477,131072 /prefetch:8
1⤵
PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5ca6773ec1f66193f5649abfd54997cb

SHA1
020e58bdbc37fecf4cb6aa319acf875fd844bbda

SHA256
f415eaa947b8bec6d5e0618ae4213ece01421b3bc4c948d9abb4a778234be6d3

SHA512
03d5ce33eb4c88c52eb0fbe725f1c6af786ec994d1da60cd2495def351d5b3513265c394e45d7ed423d350ff8af45cea8b1074f0b4b843d76e0d915e4599ceb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9ad8b719958d40ec51b8c93cf675ec90

SHA1
99bb2fec30a9261a30a441b97334ffc11537a473

SHA256
3c07dcd998465f3a1f2c78a23b5db48e39ca1128763135349caae15276a7a897

SHA512
fbbb3cc7dfe71d271a73a6ec71fd3956a0b4abdf63c9c09f5234730dfafabd84b1d2ee48a86365bff002e4da4253ffb5d1e84cc5a2e5b1ccbabd251a09abf928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
867B

MD5
1b43345b70c172eaeffcecdf716dad8c

SHA1
a1501a0019e58f62313b9c0b6b645aca4220775c

SHA256
622374cded99ab51c89b8b404c8f4c93a32a4610a40bceb359a67c24e901e486

SHA512
3fdcaeac1ab6b323f75acdc7ee14237ed73ca5959b496673ea5f5b4db648b8a7a255523d8591cbfa3bef8d9c7a13d4f3c5dfbf98f5a27de29cb6b3dc78955837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c4e95cbcd5744e9fc7675b40fdb8083

SHA1
81f700630c0ccd9306da5c02636e83bb6b2ea735

SHA256
041c2d68f5a762a8a125010835fe351794483f68181eead45a3ba4751eb91257

SHA512
70fd04292417af90ca6a65ff9469e7d12c76561374a1adf153150c2f89bac3e07b9a0ac1f8c14e0bc9307d793567176f4a591596d6b4974fbbb333516171017e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
533B

MD5
215827b4711b2f11fdd9767234e938c7

SHA1
459aac7cd3830d109d2cfe4fb5745f00c9bbf736

SHA256
8d9250675cd17ad03bcef479bb25245bdc580c7c207977c5a3dce291bd205274

SHA512
300fc16c50b87acf3e95ccd2bfea3ebc50419834dca23d94e8f35be51cbccaac5fb2d55e7c6948216869917d09f4d9b5a7402061917d0e94d664b087004e989f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
865B

MD5
cac3e30a1a417d2253381dae9e2b6c0c

SHA1
705ac71c8afd40cdee049e8dca111fa5f8d5b9ee

SHA256
d2ee495dae1df96838cc667642b396b17c0600f79616c80ae7be67387b794666

SHA512
650f794cc86bbbdc6bbaa11614806e95688805c51e57856418e9efb9b2084712bfb4d76937c8e34519f792140d2fba7cfaeb4cf24e5dae119fd1abacb66e20cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
89fc1d84359f6416c4555182068cfd25

SHA1
c69c924c3ab55d3982d7f8acc71c629fc6b5c2f4

SHA256
5077d08dc6eb9e053e082bb0604360c98601a6c98f48459688d074ec214f30ea

SHA512
40f0892531c83dec2cf05e89a51cf21d624d2bdd5bdd408693de10b0dd672a8cba5c71f11157e8cf295afa110b0d8371dbd51df5e7c9b890ca201ccb5f46d19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9b3e41b718731fbe5c1d295d0ab2080d

SHA1
818365327e744d5e4f399eb17cf42e3e287eb185

SHA256
44b61910e106d1ab7ee9f3256a9db244dbf2e1bbde484010b554f912a9f067fc

SHA512
2b076348a621cc7348c47a894ed943eb5ec3f29fe94bea84b45412309b6b31c3b07dbb8751762d382bb3f689ec6293e165b8c9971ec02326e7e8febdc8525582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0065150c2a6c9102b45e2b902a3f044e

SHA1
1ec4c756afeab11b7f385ff6f4389cb5f5068c18

SHA256
89b7ac2a007ef2b08c41170f1393231d2986a5e0fca303f40762b95998fa931e

SHA512
22c45728ea32062bf405ffb7d2e167953a70b583df2f41c2ba8729d81a41967fd8ec4c897d9419908e985b53fa9bf24bdc036702f6eacb16f8eaa1aee0c5c8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a9224fdf017973891358eb80d6abdbf

SHA1
a9ec3e4d8da879a6abf29a16aea9062810bdeb5f

SHA256
d44b7171cbb22ae198e43208a7e766649a77a103d72eb1bb4c43f5fbf37d77de

SHA512
24086ea3acfb6b1edd0063524bd10ac50e20c70222245176cf22f1d971f58bc982e2dd242bff8c22013bed7be525c2fca7699c545d5a18023c65b7babcdff0d8

Download Submit